Skip to content
VvW
About Races Blog Wiki FAQ Sign In Play Free ▶ Play Now

Privacy Policy

Last Updated: March 16, 2026 — duskmaw.com

Contents
  1. Data We Collect
  2. How We Use Data
  3. Legal Basis (GDPR)
  4. Data Retention
  5. Your Rights
  6. Cookies
  7. Third Parties
  8. Security
  9. Children
  10. Contact & DPO
This Privacy Policy explains how Vampires vs. Werewolves ("we", "us", "our") collects, uses, and protects your personal data when you use our Service at duskmaw.com. We are committed to full compliance with the EU General Data Protection Regulation (GDPR).

1 Data We Collect

We collect only the minimum data necessary to operate the Game and provide a safe, functional service. The categories of personal data we process are:

Data Category Examples Purpose
Account Data Email address, username, password hash, race selection, account creation date Account creation, authentication, and recovery
IP Address Your internet IP address at login and during sessions Security, fraud detection, rate limiting, abuse prevention
Gameplay Data Character stats, level, inventory, quest progress, combat logs, clan membership, in-game actions Game state management, balance, leaderboards
Session Data Session tokens, last login timestamp, browser type (User-Agent) Maintaining authenticated sessions, security
Chat & User Content In-game chat messages, clan messages, public posts Game functionality, moderation, abuse prevention

We do not collect payment card data, real-name information, physical addresses, or any sensitive special-category data as defined under GDPR Art. 9.

2 How We Use Data

We use collected data for the following purposes:

  • Service Operation: To create and maintain your account, save your game progress, and deliver core game functionality.
  • Authentication & Security: To verify your identity at login, detect unauthorized access, and protect accounts from compromise.
  • Abuse Prevention: To detect cheating, botting, multi-accounting, and other violations of our Terms of Service.
  • Communication: To send essential service emails (account confirmation, password reset, significant policy updates). We do not send marketing emails without explicit opt-in consent.
  • Game Balancing & Analytics: Aggregated, anonymized gameplay data is analyzed to improve game balance, fix bugs, and develop new features. This analysis does not involve individual profiling.
  • Moderation: To review reported content and enforce community standards and our Terms of Service.
  • Legal Compliance: To meet obligations under applicable law, including GDPR, and to respond to lawful requests from authorities.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

3 Legal Basis (GDPR Art. 6)

Under the GDPR, we rely on the following lawful bases for processing your personal data:

  • Art. 6(1)(b) — Contract: Processing your account data, gameplay data, and session data is necessary to perform the contract of service you enter into when you register and use the Game.
  • Art. 6(1)(f) — Legitimate Interests: Processing IP addresses and security logs to prevent fraud, abuse, and unauthorized access is in our legitimate interest and that of our player community, provided such interests are not overridden by your fundamental rights.
  • Art. 6(1)(c) — Legal Obligation: In limited circumstances, we may need to process or retain data to comply with a legal obligation, such as responding to a court order.
  • Art. 6(1)(a) — Consent: Where we send optional communications (e.g., newsletters or promotional updates), we will ask for your explicit prior consent, which you may withdraw at any time.

4 Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law:

  • Active Account Data: Retained for the lifetime of your account.
  • Inactive Accounts: Accounts with no login activity for 12 months will be flagged and notified by email. Following 30 days without response, the account and its associated data will be scheduled for deletion.
  • Security Logs (IP, session): Retained for 90 days for security and abuse-detection purposes, then automatically deleted.
  • Chat & Moderation Logs: Retained for 6 months, or longer where needed as evidence in an ongoing moderation or legal dispute.
  • Deleted Accounts: Upon account deletion, personal data is purged within 30 days from our production systems and within 90 days from backups.

Anonymized, aggregated data that cannot be used to identify any individual may be retained indefinitely for statistical and game development purposes.

5 Your Rights (GDPR)

Under the GDPR, you have the following rights with respect to your personal data. You may exercise any of these rights by contacting us at privacy@duskmaw.com.

Right of Access
Request a copy of all personal data we hold about you (Art. 15 GDPR).
Right to Rectification
Request correction of inaccurate or incomplete personal data (Art. 16 GDPR).
Right to Erasure
Request deletion of your personal data ("right to be forgotten") (Art. 17 GDPR).
⏸
Right to Restriction
Request that processing of your data be restricted in certain circumstances (Art. 18 GDPR).
Right to Portability
Receive your data in a structured, machine-readable format for transfer (Art. 20 GDPR).
Right to Object
Object to processing based on legitimate interests or direct marketing (Art. 21 GDPR).

We will respond to all rights requests within 30 days. If your request is complex or numerous, this may be extended by a further 60 days with prior notice. We will not charge a fee for reasonable requests.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your national supervisory authority. In the EU, a list of authorities is available at: edpb.europa.eu.

6 Cookies

We use a minimal cookie policy designed to respect your privacy:

  • Session Cookie: A single, strictly necessary session cookie is set upon login to maintain your authenticated session. This cookie is deleted when you log out or close your browser session. It contains no personally identifying information beyond a secure, random session token.
  • No Third-Party Tracking Cookies: We do not use any advertising, analytics, or social media tracking cookies. We do not integrate with Google Analytics, Facebook Pixel, or similar tracking services.
  • LocalStorage: The Game uses browser LocalStorage for client-side preferences (e.g., UI settings) and PWA caching. This data is stored locally on your device and is not transmitted to our servers.
Because we use only strictly necessary session cookies required for the Service to function, no cookie consent banner is required under ePrivacy Directive guidelines. We do not use any non-essential cookies.

7 Third Parties

We do not sell, rent, or trade your personal data to any third party for commercial or marketing purposes. Data sharing is limited to the following essential service providers:

  • Hetzner Online GmbH (Hosting): Our game servers and database are hosted on Hetzner infrastructure, located within the European Union (Germany). Hetzner acts as a data processor under a Data Processing Agreement (DPA) and processes data only on our instruction. Hetzner is GDPR-compliant. See: hetzner.com/legal/privacy-policy.
  • Google Fonts: Cinzel and Crimson Pro fonts are loaded from Google Fonts CDN. This involves a request to Google servers that may log your IP address. Google Fonts data is governed by Google's Privacy Policy. To avoid this, you may use a browser extension to block font CDN requests — the Game remains fully functional with system fallback fonts.
  • Transactional Email: If you request a password reset, a transactional email is sent via our email service provider. Email addresses are processed solely for delivery and not used for marketing.
  • Payment Processors: When you purchase optional cosmetic Gem packages, payment data (card details, billing address) is processed directly by our PCI-DSS-compliant payment processor — we never see or store full card numbers. Which processor handles your transaction depends on your selected currency and country:
    • Stripe Payments Europe, Ltd. (Ireland) — default processor for USD, EUR, PLN. Supports cards, Apple Pay, Google Pay, BLIK (PL), Przelewy24 (PL), SEPA, Bancontact, iDEAL. See: stripe.com/privacy.
    • WayForPay LLC (Ukraine) — processor for UAH transactions. Supports cards, Приват24, Monobank, Apple Pay, Google Pay. See: wayforpay.com/uk/confidentiality.
    • Pagar.me S.A. (Brazil) and MercadoPago (LatAm) — processors for BRL, MXN, ARS, COP, CLP transactions. Supports cards, PIX, Boleto, OXXO, PSE, Webpay. Activation per region.
    Each processor receives only the data necessary to process the payment (amount, currency, user identifier, email for receipt). We receive back a transaction ID, amount paid, and payment status — never your full card number.

We do not share data with law enforcement or government authorities except where required by a lawful order, court warrant, or applicable legal obligation. Where permitted, we will notify you of such requests.

8 Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS enforced site-wide).
  • Password Hashing: Passwords are never stored in plain text. We use bcrypt hashing with a sufficient cost factor.
  • Database Security: Our PostgreSQL database is not exposed to the public internet and is accessible only through secured, authenticated internal connections.
  • Rate Limiting: Login endpoints and sensitive actions are rate-limited to prevent brute-force attacks.
  • Access Control: Administrative access to production systems is restricted to authorized personnel using key-based authentication.
  • Regular Backups: Database backups are taken regularly and stored securely to enable recovery from incidents.

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected users without undue delay.

No system is completely secure. While we take strong precautions, we cannot guarantee the absolute security of data transmitted over the internet. You are responsible for keeping your account credentials confidential.

9 Children

Vampires vs. Werewolves is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13 years of age.

If you are under 13, you are not permitted to create an account or use the Service. If you are between 13 and 18, you must have the consent of a parent or legal guardian before registering.

If we discover that we have inadvertently collected personal data from a child under 13, we will take steps to delete that data promptly. If you believe a child under 13 has created an account, please contact us at privacy@duskmaw.com so we can investigate and remove the account.

Parents or guardians may request access to, correction of, or deletion of data belonging to a minor in their care by contacting us with appropriate verification.

10 Contact & Data Protection

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us:

Data Protection Contact:
Email: privacy@duskmaw.com
Response time: within 30 days (GDPR-mandated)

General Support:
Email: support@duskmaw.com

Website: duskmaw.com

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your EU member state of residence. The European Data Protection Board maintains a list of national authorities at edpb.europa.eu.

This Privacy Policy was last updated on March 16, 2026. We will update this Policy as our data practices evolve or when required by law, and will notify users of material changes via in-game notice and email.

Home About FAQ Contact Terms Termsmiddot; Drop Rates Privacy Rules

© 2026 Vampires vs. Werewolves — All rights reserved. World of Aeternum.